package com.kfm.jdbc.day0324;

import java.sql.*;
import java.util.Scanner;

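/**
 * JDBC classroom demo contrasting a string-concatenated login query (SQL injection)
 * with a parameterized {@link PreparedStatement}, plus a helper that dumps the table.
 *
 * <p>All three demos talk to a local MySQL schema named {@code store} and read its
 * {@code users} table. The queries compare the supplied password directly against the
 * {@code password} column, so the table presumably holds plaintext passwords; that is
 * acceptable for this exercise only. A real login would store a salted password hash
 * (bcrypt/scrypt/argon2) and verify against it.
 */
public class Demo {

    /**
     * Connection string for the local practice database.
     *
     * <p>NOTE(review): this connects as {@code root} with an empty password. Keep that to
     * a throwaway local instance; anything shared should use a dedicated least-privilege
     * account whose credentials come from configuration, not from source code.
     */
    private static final String JDBC_URL = "jdbc:mysql://localhost:3306/store?user=root&password=";

    public static void main(String[] args) {
        test();
    }

    /**
     * Loads the MySQL Connector/J driver class.
     *
     * @throws RuntimeException wrapping the {@link ClassNotFoundException} when the driver
     *     is not on the classpath
     */
    private static void loadDriver() {
        try {
            Class.forName("com.mysql.cj.jdbc.Driver");
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Prints the login outcome: the first column of the first row when the query matched
     * anything, otherwise the failure message.
     *
     * @param resultSet result of the login query, positioned before its first row
     * @throws SQLException if reading the result set fails
     */
    private static void printLoginResult(ResultSet resultSet) throws SQLException {
        if (resultSet.next()) {
            System.out.print("登录成功,id = ");
            // Column 1 of "select *" is assumed to be the id column -- depends on the table layout.
            System.out.println(resultSet.getObject(1));
        } else {
            System.out.println("登录失败");
        }
    }

    /**
     * Simulates SQL injection. INTENTIONALLY VULNERABLE -- do not copy this pattern.
     *
     * <p>The user name and password are hard-coded so the demo is repeatable. Because the
     * values are concatenated into the SQL text, the quote characters inside the password
     * are parsed as SQL syntax instead of data: the statement ends in
     * {@code ... and password = '123467' or '1' = '1'}, so the password comparison no
     * longer decides the outcome and the login reports success without a valid password.
     * {@link #login2()} shows the fix: bind the values through {@code ?} placeholders.
     *
     * @throws RuntimeException if the driver cannot be loaded or the query fails
     */
    public static void login() {
        String username = "ls";
        String password = "123467' or '1' = '1";
        loadDriver();
        // Intended query shape: select * from users where name = 'ls' and password = '12345'
        // Deliberately built by concatenation to show how the input rewrites the query.
        String sql = "select * from users where name = '" + username + "' and password = '" + password + "'";
        // try-with-resources closes the result set, statement and connection even on failure.
        try (Connection conn = DriverManager.getConnection(JDBC_URL);
             Statement statement = conn.createStatement();
             ResultSet resultSet = statement.executeQuery(sql)) {
            printLoginResult(resultSet);
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Injection-safe login: reads the user name and password from standard input and
     * binds them to a precompiled statement.
     *
     * <p>The SQL text is fixed and the values are sent as parameters, so quotes or SQL
     * keywords inside the input stay data and cannot change the structure of the query.
     *
     * @throws RuntimeException if the driver cannot be loaded or the query fails
     */
    public static void login2() {
        // Not closed on purpose: closing a Scanner over System.in closes System.in itself.
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入用户名：");
        String username = sc.next();
        System.out.println("请输入密码：");
        String password = sc.next();
        loadDriver();
        // "?" marks a bind parameter; the statement is precompiled before values are supplied.
        String sql = "select * from users where name = ? and password = ?";
        try (Connection conn = DriverManager.getConnection(JDBC_URL);
             PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
            // Parameter indexes are 1-based.
            preparedStatement.setString(1, username);
            preparedStatement.setString(2, password);
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                printLoginResult(resultSet);
            }
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Prints the first three columns of every row in {@code users}, tab-separated,
     * one row per line.
     *
     * <p>NOTE(review): with the table used by the login demos this output presumably
     * includes the password column -- fine for the exercise, not for shared logs.
     *
     * @throws RuntimeException if the driver cannot be loaded or the query fails
     */
    public static void test() {
        loadDriver();
        // No bind parameters here: the statement text is constant.
        String sql = "select * from users";
        try (Connection conn = DriverManager.getConnection(JDBC_URL);
             PreparedStatement preparedStatement = conn.prepareStatement(sql);
             ResultSet resultSet = preparedStatement.executeQuery()) {
            while (resultSet.next()) {
                for (int column = 1; column <= 3; column++) {
                    System.out.print(resultSet.getObject(column) + "\t");
                }
                System.out.println();
            }
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
    }

}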
